Posted 2/13/2024, 8:00:00 PM
QNAP Patches Critical Command Injection and Code Execution Flaws Affecting Nearly 300,000 Devices
- QNAP disclosed and released fixes for two new vulnerabilities, one a 0-day command injection flaw
- The flaws allow for arbitrary command execution on vulnerable devices
- Unit 42 found over 289,000 vulnerable publicly-facing devices globally
- QNAP released patches ahead of schedule, despite coordinated disclosure plans
- Multiple firmware versions across QTS, QuTS hero, and QuTScloud products are impacted to varying degrees